From b013173c86b79e709cfed92a99046b266a80aae5 Mon Sep 17 00:00:00 2001
From: zzz
Date: Tue, 6 Feb 2018 21:52:02 +0000
Subject: [PATCH] Util: Allow backslash in XSS filter on Windows
---
 .../java/src/net/i2p/servlet/filters/XSSRequestWrapper.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java b/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
index 8d16e5953..718411696 100644
--- a/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
+++ b/apps/jetty/java/src/net/i2p/servlet/filters/XSSRequestWrapper.java
@@ -13,13 +13,17 @@ import javax.servlet.http.HttpServletRequestWrapper;
 import net.i2p.I2PAppContext;
 import net.i2p.util.Log;
+import net.i2p.util.SystemVersion;
 /**
 * @since 0.9.14
 */
 public class XSSRequestWrapper extends HttpServletRequestWrapper {
 // Adapted from https://owasp-esapi-java.googlecode.com/svn/trunk/configuration/esapi/ESAPI.properties
- private static final Pattern parameterValuePattern = Pattern.compile("^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n]*$");
+ private static final String NON_WIN_PATTERN = "^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n]*$";
+ // Same as above but with backslash for file paths
+ private static final String WIN_PATTERN = "^[\\p{L}\\p{Nd}.,:\\-\\/+=~\\[\\]?@_ \r\n\\\\]*$";
+ private static final Pattern parameterValuePattern = Pattern.compile(SystemVersion.isWindows() ? WIN_PATTERN : NON_WIN_PATTERN);
 private static final Pattern headerValuePattern = Pattern.compile("^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$");
 private static final String NOFILTER = "nofilter_";
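Review bot: The backslash is admitted for every request parameter whenever the server runs on Windows, although the comment on `WIN_PATTERN` says it is for file paths; the choice is made once from `SystemVersion.isWindows()`, not per parameter. A backslash is an escape character inside JavaScript and CSS string contexts, so any page that echoes a parameter there needs output encoding that does not depend on this filter. That is worth checking, since the code that applies `parameterValuePattern` lies outside the hunk. I would at least state the scope in the comment, e.g. `// Backslash allowed for ALL parameters on Windows (needed for file paths); callers must still escape values on output`. The two literals also differ only in the trailing `\\\\`, so deriving both from one shared character-class constant would keep them from drifting apart.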